Level 21 Hacker

I have ample evidence that ET is a weedy little twerp.

The E-Peen™ exists as a way for us to thank people for identifying exploits on the site (gameplay/security/etc) and reporting them to us privately so they can be fixed.

In other words, if you find something broken, then go crazy posting it on Flamebate or IDC, upsetting the economy and crashing the game to a halt, you won’t get the E-Peen™.

Some people seem to think we have made exceptions to this rule. However, to the best of my knowledge we have not. Sometimes people who announce exploits publically get the E-Peen™ for other reasons, but I have been giving it out this way for quite some time.

Sometimes, an adept player will report more than one exploit, even after they have received the E-Peen™. If they have alts, we’ll let them give the E-Peen™ to another alt. Still, as you can imagine this doesn’t encourage people to keep finding and telling us about exploits.

So, my new policy is to give 30 BP per identified/fixed exploit to any player who already has the E-Peen™. This is to encourage continued good behavior.

Thanks for all the help so far guys. Every time we fix a hole it makes the game better for everyone else!

Level 69 Troll

Trying to create drama to drum up the ratings by any means necessary!

If the goal is to encourage the finding of hacks, would it be worth publicizing the ones which were deserving of the peen, in order to “jump-start” ideas on how to find them? Or are you too worried that would lead to abuse?

“43 4f 44 45 20 4d 41 53 54 45 52”

Level 21 Hacker

I have ample evidence that ET is a weedy little twerp.

MC Banhammer Posted:

If the goal is to encourage the finding of hacks, would it be worth publicizing the ones which were deserving of the peen, in order to “jump-start” ideas on how to find them? Or are you too worried that would lead to abuse?

Yeah it’s a slippery slope.

The most common exploits tend to be CSRF based. In other words, links to the site that will change your data that will work just as pbuming a link around.

We’ve never had a SQL injection exploit, probably because we use ActiveRecord and rarely write out manual SQL.

Level 35 Troll

KYOUBAI IS SUPER-SERIOUS BUSINESS

MC Banhammer Posted:

Retroactive? Log in to see images!

I’d be happy with just getting the E-Peen retroactively. That .moar file pieces/Un-Cheater exploit report that Scully & I both sent in was pretty significant, IMHO. Definitely would have had a major affect on gameplay.

But this is a really nice way to encourage fair-play and proper behavior.

Level 21 Hacker

I have ample evidence that ET is a weedy little twerp.

Acid Flux Posted:

I’d be happy with just getting the E-Peen retroactively. That .moar file pieces/Un-Cheater exploit report that Scully & I both sent in was pretty significant, IMHO. Definitely would have had a major affect on gameplay.

Generally if more than one person identifies an exploit, the first person to report it gets it.

I haven't seen a bad idea that I didn't like.

Level 21 Hacker

I have ample evidence that ET is a weedy little twerp.

Shii Posted:

Is there any way for non-malicious-non-hacker players like me to ever get the peen?

And also, if we report serious bugs when a new update launches, that doesn’t count, correct?

Unfortunately no. Bug reports are valued, but there’s a difference between a bug and an exploit. An exploit allows you to advance in the game in a malicious way, or perhaps to make people do things with their accounts that they didn’t want to do.

Fortunato Posted:

Can I start a thread detailing how I got it?

Sure.

LRFLEW Posted:

I reported when I got negative PP. Does that make me eligible for this e-peen or am I just being a huge n00b for asking?